| Securing and Optimizing Linux: RedHat Edition -A Hands on Guide | ||
|---|---|---|
| Prev | Chapter 26. Linux OpenLDAP Server | Next |
The /etc/openldap/slapd.conf file is the main configuration file for the stand-alone LDAP daemon. Options like: permission, password, database type, database location and so on can be configured in this file and will apply to the slapd daemon as a whole. In the example below we configure the slapd.conf file for an LDBM backend database.
Edit the slapd.conf file, vi /etc/openldap/slapd.conf and add/adjust the following information:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/slapd.at.conf
include /etc/openldap/slapd.oc.conf
schemacheck off
#referral ldap://ldap.itd.umich.edu
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "o=openna, c=com"
directory /var/ldap
rootdn "cn=admin, o=openna, c=com"
rootpw secret
# cleartext passwords, especially for the rootdn, should
# be avoid. See slapd.conf(5) for details.
# ldbm indexed attribute definitions
index cn,sn,uid
index objectclass pres,eq
index default none
# ldbm access control definitions
defaultaccess read
access to attr=userpassword
by self write
by dn="cn=admin, o=openna, c=com" write
by * compare
|
You should be sure to set the following options in your slapd.conf file above before starting the slapd daemon program:
This option specifies the DN of the root of the sub tree you are trying to create. In other words, it indicates what entries are to be held by this database.
This option specifies the directory where the database and associated indexes files of LDAP should reside. We must set this to /var/ldap because we created this directory earlier in the installation stage specifically to handle the backend database of LDAP.
This option specifies the DN of an entry allowed to do anything on the LDAP directory. The name entered here can be one that doesn't actually exist in your password file /etc/passwd.
This option specifies the password that can be used to authenticate the super-user entry of the database. This is the password for the rootdn option above. Its important to not use clear text passwords here and to use a crypto password instead.
These options specify the index definitions you want to build and maintain in the database definition. The options we specifies in our slapd.conf file example above, cause all indexes to be maintained for the cn, sn, and uid attributes; -index cn,sn,uid, presence and an equality indexes for the objectclass attribute -index objectclass pres,eq, and no indexes for all remaining attributes -index default none. See your user manual for more information.
The last options in the file slapd.conf relate to access control in LDAP directory.
defaultaccess read
access to attr=userpassword
by self write
by dn="cn=admin, o=openna, c=com" write
by * compare
|